"C-level executives might finally be committing to making security a real priority, but all this talk of risk management is just a thinly veiled admission that people understand that they're totally defenseless, despite spending millions," said Vincent Weeper, chief research scientist at anti-malware specialist Cement-Tech. "Hopefully, we can keep the wool pulled over their eyes in terms of selling them more products, but let's face it, this ship actually sailed about five years ago."
Despite the promise of newer security technologies including DLP (data leakage prevention) and NAC (network access control) tools, it would seem that businesses are only fooling themselves into thinking that crafty hackers haven't already figured out ways to bypass any system aimed at stopping their attacks, according to the report.
Some industry watchers maintain that such products that have previously been tabbed as representing the best hopes for improving corporate security are actually just ideas cooked up by venture capitalists to give them an excuse to brag to their Silicon Valley colleagues how smart and cool they are because they're remotely involved in a game of "electronic cops and robbers."
"Basically, if you're looking for leakage prevention, you'd be better off strapping a carton of Depends diapers to your servers," said Jake Andrith, an analyst at Opportunist Research. "NAC has been on the market for two years and nobody even understands what it is supposed to do, let alone how to use it -- not that it works, anyway."
Looking into the future, experts predict that companies will continue to buy products, create internal initiatives, and pretend to welcome security-oriented compliance mandates even as hackers from all over the world simultaneously rob them of their most valuable customer data and intellectual property.
The problem is that hackers are simply more intelligent and better motivated than their peers in the security industry, not including the majority of self-proclaimed white hat hackers who also sell vulnerability and exploit data to criminals to pad their incomes, said Cathy Mooseiris, security forensics researcher at MicroSieve.
"It's pretty much a given that most of the top people in the industry are playing both sides of the fence, because the truth is at the end of the day, they care more about making money than protecting some business concern they don't work for," Mooseiris said. "If I was a chief security officer, I'd be looking for a job that wasn't so completely impossible."
[ April Fools! Click here for more InfoWorld April Foolery. ]
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive Security Resource Alerts
This white paper provides guidance on how to develop a strategic approach to managing and monitoring logs, a key function required for compliance with many regulatory mandates and a critical defense against security threats.
Download now! »
Learn about the processes and technologies that support security information management (SIM) operations, as well as the business case for SIM. The series examines different options for implementing SIM and gives you evaluation criteria for selecting the best option for your organization.
Download now! »
Learn the strategies, actions, and capabilities that Best-in-Class organizations employ and technologies they choose to obtain superior performance against various security performance metrics. This report provides guidelines for identifying which security solutions to consume as a MSS and defines best practices for choosing and managing MSSPs.
Download now! »
Recommend This
